Snort mailing list archives
Re: BASE Feature Suggestion to Display Rule Source
From: Kevin Johnson <kjohnson () secureideas net>
Date: Fri, 16 Sep 2005 15:45:06 -0400
On Fri, 2005-09-16 at 09:42 +0100, Alex Butcher, ISC/ISYS wrote:
--On 15 September 2005 18:18 -0500 "McCash, John" <John.McCash () andrew com> wrote:From the BASE config file, it looks like the <snort> tag is more or less just forwarded to the sourcefire URL with a sid number, and the resultant page is displayed. It strikes me (as a non PHP programmer, no flames please) that it should not be terribly difficult to have BASE instead display a web page with two frames, and put the sourcefire stuff in one, while simultaneously displaying the full text of the referenced rule (pulled from a locally maintained copy of all rules in use) in the other.Indeed - I did this for my local copy of ACID about a year ago. I ported my patch to BASE a few weeks back. Kevin basically liked it, but wanted to tweak it slightly to allow the location of the rules to be modified. I guess it might show up in the next release. I've attached my patch against 1.1.4, FWIW.JohnBest Regards, Alex.
Hi- Kevin did like it, along with your other patches.<g> I should be getting most of them into CVS this weekend and after testing the next release will include them. Kevin --------------------- BASE Project Lead http://sourceforge.net/projects/secureideas http://base.secureideas.net The next step in IDS analysis!
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- BASE Feature Suggestion to Display Rule Source McCash, John (Sep 15)
- Re: BASE Feature Suggestion to Display Rule Source Joel Esler (Sep 15)
- Re: BASE Feature Suggestion to Display Rule Source Alex Butcher, ISC/ISYS (Sep 16)
- Re: BASE Feature Suggestion to Display Rule Source Kevin Johnson (Sep 16)